Date: Fri, 12 Sep 2008 16:16:50 +1000 From: Andrew Snow <andrew@modulus.org> To: Julian Elischer <julian@elischer.org> Cc: FreeBSD Net <freebsd-net@freebsd.org>, ipfw@freebsd.org Subject: Re: anyone have a netgraph node to do ipfw filtering? Message-ID: <48CA0952.50804@modulus.org> In-Reply-To: <20080912054832.Q65801@maildrop.int.zabbadoz.net> References: <48C97AB3.6040907@elischer.org> <20080912054832.Q65801@maildrop.int.zabbadoz.net>
next in thread | previous in thread | raw e-mail | index | archive | help
I think what you ask can be done by: 1. sending the packet through ng_mbuf to tag it 2. sending it to ng_ipfw to be sent through IPFW 3. use IPFW rules to operate on packets with the particular tag you attached in #1 4. as the final IPFW rule, pass the packet back in to netgraph via a 'netgraph' IPFW rule. I have not tried this, no idea if it would work Best of luck! :-) - Andrew
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?48CA0952.50804>